﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

public partial class AppCode_Employee_ChangePassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["userNameEmployee"] == null)
        {
            Response.Redirect("../Home/HomePage.aspx");
        }
        Label2.Visible = false;
        Label4.Visible = false;
        Label6.Visible = false;
        Label7.Visible = false;
        Label8.Visible = false;
        success.Visible = false;

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        Boolean check = false;
        if (txtOldpass.Text.Equals(""))
        {
            check = true;
            Label7.Visible = true;
        }
        else if (!CheckOldPass(txtOldpass.Text))
        {
            check = true;
            Label2.Visible = true;
        }
        
        if (txtNewPass.Text.Equals(""))
        {
            check = true;
            Label4.Visible = true;
        }
        else if (!Regex.IsMatch(txtNewPass.Text, "(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{8,10})$"))
        {
            check = true;
            Label8.Visible = true;
        }
        if (!ConfirmPass(txtNewPass.Text))
        {
            check = true;
            Label6.Visible = true;
        }
        if (!check)
        {
            String username = Session["userNameEmployee"].ToString();
            String connect = WebConfigurationManager.ConnectionStrings["ConnectDatabase"].ToString();
            SqlConnection sqlConnect = new SqlConnection(connect);
            sqlConnect.Open();
            SqlCommand sqlCommand = new SqlCommand("Update EmpRegister Set Password=@password where username='" + username + "'", sqlConnect);
            sqlCommand.Parameters.AddWithValue("@password", this.EncryptString(txtNewPass.Text, "Password"));
            sqlCommand.ExecuteNonQuery();
            sqlConnect.Close();
            success.Visible = true;
        }
    }
    public Boolean CheckOldPass(String pass)
    {
        String username = Session["userNameEmployee"].ToString();
        String connect = WebConfigurationManager.ConnectionStrings["ConnectDatabase"].ToString();
        SqlConnection sqlConnect = new SqlConnection(connect);
        sqlConnect.Open();
        SqlCommand sqlCommand = new SqlCommand("Select password from EmpRegister where username='" + username + "'", sqlConnect);
        SqlDataReader reader = sqlCommand.ExecuteReader();
        reader.Read();
        if (this.DecryptString(reader.GetString(0), "Password").Equals(pass))
        {
            sqlConnect.Close();
            return true;
        }
        sqlConnect.Close();
        return false;
    }
    public Boolean ConfirmPass(string confirmedPass)
    {
        if (txtConfirm.Text.Equals(confirmedPass))
        {
            return true;
        }
        return false;

    }
    public string EncryptString(string Message, string Passphrase)
    {
        byte[] Results;
        System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
        MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
        byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));
        TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
        TDESAlgorithm.Key = TDESKey;
        TDESAlgorithm.Mode = CipherMode.ECB;
        TDESAlgorithm.Padding = PaddingMode.PKCS7;
        byte[] DataToEncrypt = UTF8.GetBytes(Message);
        try
        {
            ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
            Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
        }
        finally
        {
            TDESAlgorithm.Clear();
            HashProvider.Clear();
        }
        return Convert.ToBase64String(Results);
    }

    public string DecryptString(string Message, string Passphrase)
    {
        byte[] Results;
        System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
        MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
        byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));
        TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
        TDESAlgorithm.Key = TDESKey;
        TDESAlgorithm.Mode = CipherMode.ECB;
        TDESAlgorithm.Padding = PaddingMode.PKCS7;
        byte[] DataToDecrypt = Convert.FromBase64String(Message);

        try
        {
            ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
            Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
        }
        finally
        {
            TDESAlgorithm.Clear();
            HashProvider.Clear();
        }
        return UTF8.GetString(Results);
    }
}